The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of MySQL: privilege elevation via replication

Synthesis of the vulnerability 

A local attacker with an access to a primary MySQL server can execute SQL code on a secondary SQL server in a superior version.
Impacted products: Fedora, MySQL Community, MySQL Enterprise, openSUSE, Percona Server.
Severity of this bulletin: 2/4.
Creation date: 04/10/2010.
Références of this threat: 49124, BID-43677, CVE-2009-5026, FEDORA-2010-15147, FEDORA-2010-15166, openSUSE-SU-2012:0617-1, VIGILANCE-VUL-9999.

Description of the vulnerability 

The MySQL replication copies data from a primary server to a secondary server. The SQL code is run on the secondary server with SUPER privileges, because it first ran successfully on the primary.

MySQL supports comments indicating SQL code to execute on a specific version:
  /*!5.1.40 here SQL code for versions superior to 5.1.40 */

When the secondary server has a MySQL version superior to the primary, an attacker can use a comment containing code for the secondary server only. As this code is run with SUPER privileges, the attacker can thus elevate his privileges on the secondary server.

A local attacker with an access to a primary MySQL server can therefore execute SQL code on a secondary SQL server in a superior version.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness bulletin impacts software or systems such as Fedora, MySQL Community, MySQL Enterprise, openSUSE, Percona Server.

Our Vigil@nce team determined that the severity of this computer weakness is medium.

The trust level is of type confirmed by the editor, with an origin of user account.

An attacker with a expert ability can exploit this vulnerability announce.

Solutions for this threat 

MySQL: version 5.1.50.
Version 5.1.50 is corrected:
  http://dev.mysql.com/

MySQL: version 5.0.93.
The version 5.0.93 is corrected:
  http://dev.mysql.com/downloads/

Fedora: new mysql packages.
New packages are available:
  mysql-5.1.50-2.fc13
  mysql-5.1.50-2.fc14

openSUSE: new mysql-cluster packages.
New packages are available:
  openSUSE 11.4 : mysql-cluster-7.1.21-52.1
  openSUSE 12.1 : mysql-cluster-7.1.21-2.4.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computer security alerts. The technology watch team tracks security threats targeting the computer system.